Wednesday, October 24, 2012

Ridiculous Administration Premise on U.S., Iran, and Saudi Aramco

Nicole Perlroth's New York Times story - In Cyberattack on Saudi Oil Firm, U.S. sees Iran Firing Back - is a ridiculous premise based on confusing hypotheses regarding malware that may not even have come from the U.S. But before I cover that, I'd like to know in what universe does a country who was on the receiving end of multiple perceived U.S. cyber attacks go after an entirely different nation in revenge?

The answer to that rhetorical question is none. There's no logical reason for Iran to attack Saudi Aramco in order to send a message to the U.S. I've written many times my belief that the Aramco attack was Iran sending a message to Saudi Arabia to not increase its oil production because of sanctions imposed on Iran. That may or may not be true but at least it follows a logical order.

1. Iran makes a threat to SA - Don't increase your oil production.

2. SA ignores the threat and increases production anyway.

3. Iran destroys Aramco's 2000 servers and 30,000 workstations.

To believe the Times story, the logic would have to flow differently:

1. Iran is hit by malware that it believes was created by the U.S. which destroyed some servers in its oil ministry.

2. It retaliates against the U.S. by destroying servers owned by Saudi Aramco.

Really? Does that make sense to anyone?

Apart from that glaring logical inconsistency, there's a factual flaw in Ms. Perlroth's reporting that needs to be corrected. No one has a copy of the original Wiper malware that hit Iran's oil ministry last April so it's impossible to know that it was part of Flame. Further, no one knows who was responsible for Flame because the connection between Flame's creators and Stuxnet/DuQu's creators is limited to the assumption that they "knew each other". That hardly qualifies as coming from the same nation-state. All in all, this article was far below the quality that I've come to expect from Nicole Perlroth. I hope it doesn't serve to aggravate an already tense situation between between the U.S. and Iran.

UPDATE (24OCT12): I just spoke with Nicole Perlroth and learned that her article was mean't to take a skeptical view of the administration's campaign to pin cyber attacks on Iran. I reread the article and I'm still not clear on which points she was being skeptical about however based upon my respect of her past research, I've changed the name of this post to "Ridiculous Administration Premise ..." instead of "Ridiculous NY Times premise" since that was Ms. Perlroth's intent - to express skepticism of the Administration's position on this issue.